SSL Decryption Woes

Reply
L6 Presenter

Re: SSL Decryption Woes

Still don't have an answer from TAC.

L1 Bithead

Re: SSL Decryption Woes

Slightly OT, what kind of traffic do you manage to require 3050s instead of 3020s for 1K users?

L6 Presenter

Re: SSL Decryption Woes

Bug ID 83524 -

 

Has been documented for sites with unsupported cipher suites still not being accessible when configured to not block unsupported cipher suites.

 

The current work around is to bypass URLs as they come.  As of this date 8 Sep 15, this bug still isn't resolved in 7.0.2, though operability with other ciphers might be better the bug isn't officially resolved in 7.0.2.

Highlighted
L3 Networker

Re: SSL Decryption Woes

I asked a Palo Alto representative about this a few months back, and support for TLS_ECDHE_RSA and TLS_DHE_RSA was planned to be implemented sometime in the first half of 2016.

 

Could be coming in PANOS 8?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!